Re: _FORTIFY_SOURCE and strncat(), buggy?
- Subject: Re: _FORTIFY_SOURCE and strncat(), buggy?
- From: "Sean McBride" <email@hidden>
- Date: Thu, 24 Jul 2008 18:45:11 -0400
- Organization: Rogue Research

On 7/24/08 1:45 PM, Greg Guerin said:

>Sean McBride wrote:
>
>> size_t size = 50;
>> char* buffer = (char*)calloc(size, 1);
>> // buffer[0] = 'q'; // uncomment this to 'fix'.
>>
>> strncat(buffer, "test", (size-1));
>
>Seems slightly wrong to me. I think strncat's 3rd arg should be size-2.
>More precisely, it should be:
> size - strlen(buffer) - 1

Right you are, thanks for that.

>I have no idea how this relates to _FORTIFY_SOURCE, I'm just saying
>it seems wrong in the general case of the 2nd arg. Obviously, in
>this specific case, "test" is constant and much less than 50 bytes
>long, which clearly should work. Worse, putting 'q' in buffer[0]
>should cause a buffer overflow (make it fail) in the general case,
>not fix it and make it work.

Thanks for looking at this, I guess I'm off to Radar...

--
____________________________________________________________
Sean McBride, B. Eng email@hidden
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada
Xcode-users mailing list (email@hidden)
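
The bound discussed in this message, `size - strlen(buffer) - 1`, worked through as an added example that is not part of the original post. The helper name `bounded_append`, its return codes and the 8-byte sample buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the thread): append src to the C string in
 * dst, where dst_size is the TOTAL size of the dst buffer in bytes.
 * Returns 0 on success, 1 if src was truncated, -1 if dst is unusable
 * (NULL, zero-sized, or not NUL-terminated within dst_size). */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Find the current length without reading past the buffer. */
    const char *nul = memchr(dst, '\0', dst_size);
    if (nul == NULL)
        return -1;
    size_t used = (size_t)(nul - dst);

    /* strncat's third argument is the maximum number of characters to
     * append, not counting the terminating NUL it always writes, so the
     * room left is the total size minus what is used minus one. */
    size_t room = dst_size - used - 1;
    strncat(dst, src, room);

    return strlen(src) > room ? 1 : 0;
}

int main(void)
{
    size_t size = 8;                      /* constructed sample size */
    char *buffer = calloc(size, 1);
    if (buffer == NULL)
        return 1;

    buffer[0] = 'q';                      /* non-empty destination */
    int rc = bounded_append(buffer, size, "test");
    printf("rc=%d buffer=\"%s\"\n", rc, buffer);

    rc = bounded_append(buffer, size, "overflow");   /* only 2 bytes of room */
    printf("rc=%d buffer=\"%s\" len=%zu\n", rc, buffer, strlen(buffer));

    free(buffer);
    return 0;
}
```
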